Experience 30 days of pure bliss with Caspen, absolutely free. No credit card needed, and you can cancel at any time.

Privacy policy

1. Definition

1.1 Purpose and Scope

For the purposes of Privacy Policy, “Caspen” refers to the business operated by Tarsier Pty Ltd, an entity registered in Australia under ABN 91 651 519 630. Tarsier Pty Ltd, trading as Caspen, is the legal entity with which you are entering into an agreement. This Privacy Policy outlines Tarsier Pty Ltd (Caspen)’s commitment to the protection of personal information. It details our practices regarding the collection, use, disclosure, and handling of personal information in compliance with the Privacy Act 1988 (Cth) (Privacy Act), the Australian Privacy Principles (APPs), and, where applicable, the General Data Protection Regulation (EU) 2016/679 (GDPR).

1.2 Key Definitions
1.2.1 Policy

Refers to this Privacy Policy, which outlines the terms governing your use of the Caspen software application (“Service”) and any other services provided by Tarsier Pty Ltd (“we”, “us”, “our”).

1.2.2 Website

The Caspen website, as detailed in the Schedule to these Policy.

1.2.3 You and Your

Any individual who accesses or uses the Caspen website and/or affiliated services.

1.2.4 Client

Refers to any client, customer, or patient to whom you provide or sell products or services using our Service.

1.2.5 Your Business

The business or organization through which you offer your products or services.

1.3 Applicability
  • This policy applies to Tarsier Pty Ltd (Caspen), including its directors, employees, agents, contractors, and any related parties, regarding the management of personal information in the workplace and through the services provided on the Caspen website.
  • It is relevant to all users of the Caspen website and services, including employees and contractors.
1.4 Integration with Terms and Conditions

This Privacy Policy should be read alongside the Terms and Conditions for the website. Users are encouraged to familiarize themselves with both documents and review them periodically to stay informed of any changes.

2. Types of Personal Information Collected

The Website or Service may collect, use, store, and transfer the following types of personal information:

2.1 Identity Data

Includes first name, last name, title, address, email address, and username, which may be collected directly through the Website (Website User Identity Data), by a Business location (Client Identity Data), or concerning employees and contractors of a Business location (Business Location Identity Data).

2.2 Contact Data

Comprises billing address, shipping address, email addresses, and telephone numbers.

2.3 Financial Data

All information required by law or payment processors to aid with financial transactions.

2.4 Clinic Data

Medical history, treatments, Medicare and health care identifiers, and health fund information, if applicable.

2.5 Transaction Data

Details about payments and purchases from us.

2.6 Technical Data

IP addresses, browser types and versions, operating systems, and device information.

2.7 Profile Data

Username, password, purchase orders, interests, preferences, feedback, and reviews.

2.8 Usage Data

Information on how you use the Service.

2.9 Marketing and Communications Data

Your preferences in receiving marketing from us and your communication preferences.

2.10 Third-Party Data

Information from partners, sub-contractors, and other sources.

2.11 Sensitive Data

Includes membership in professional associations, trade unions, sexual orientation, and criminal records.

2.12 Product and Service Data

Opinions and information about our transactions and business activities.

2.13 Proof of Identity Data

Identifiers, citizenship, residency details, background checks, and next of kin details.

2.14 Digital Media Data

Digital content such as videos and audio recordings.

3. Conditions for Personal Information Management

3.1 Anonymity and Pseudonymity

You may choose to interact with us anonymously or through a pseudonym where practical. However, for certain products or services, verifying your identity may be necessary.

3.2 Consequences of Non-Disclosure

Failure to provide requested information may impact our ability to deliver products and services.

3.3 Third-Party Information

If we receive personal information from third parties, we ensure consent is obtained, and if not permissible by law, we will either destroy or de-identify the information.


4. Purpose and Use of Collected Personal Information

4.1 Primary Uses
  • Service Provision: To offer products/services and communicate with you.
  • Customer Support: To respond to inquiries and provide advice on products/services.
  • Updates: To inform you of changes to our location, Terms and Conditions, or Privacy Policy.
  • Website Optimization: For performance assessment and improvement.
  • Customer Service Improvement: To evaluate and enhance our customer service.
  • Business Operations: To support business processing functions, involving sharing information with our corporate entities, contractors, or third parties for operational purposes.
  • Marketing and Development: For marketing, planning, product/service development, quality control, and research purposes. This includes direct marketing and market research.
  • Compliance and Response: To address complaints, inquiries, and to fulfil legal and regulatory obligations.
4.2 Communication Methods

The Website or Service may reach out to you via email, post, or telephone for any of the aforementioned purposes.

4.3 Third-Party Personal Information

If providing personal information about others (e.g., family members), ensure they are aware of and consent to this Privacy Policy. For third parties unable to consent (e.g., minors), guardian consent is required.

4.4 Marketing Use

Personal information may be used for marketing, with the assurance that it won’t be disclosed to third parties without your permission, except as legally required or outlined in this Privacy Policy.

4.5 Consent and Sensitive Information

Your sensitive information will not be used or disclosed without consent, except as necessary under law or regulatory requirements.

4.6 Personal Information Removal

Upon request, the Service will remove your personal information in line with its data destruction policy to ensure data security.

4.7 Anonymity Options

Where feasible, options to remain anonymous or use pseudonyms will be provided, though not always practical for all interactions, especially those requiring legal identification.


5. Legal Basis for Processing Under GDPR and UK GDPR

5.1 Processing Principles

The Service commits to processing your personal information lawfully, fairly, and in a transparent manner. The choice of legal basis for processing depends on the type of Personal Data collected and the context of its collection.

5.2 Legal Grounds for Processing
  • Consent: You have explicitly given permission for processing your Personal Data for specific purposes.
  • Legitimate Interests: Processing is necessary for the interests of the Service, provided these interests do not infringe on your rights and freedoms. A Legitimate Interest Assessment (LIA) is conducted to ensure this balance.
  • Legal Compliance: Processing is required to comply with legal obligations.
5.3 Data Location

Your personal information will be stored within Australia, Canada, the UK, or the USA, unless specified otherwise in this Privacy Policy. This is to ensure that data storage and processing practices are consistent with the legal requirements of GDPR and UK GDPR regarding international data transfers.


6. Direct Marketing Communications Consent and Opt-Out Policy

6.1 Consent for Marketing

By accepting the Website’s Conditions and providing your personal information, you agree to receive direct marketing communications from us through the methods previously outlined (refer to the section on Purposes for Collecting, Holding, Using, and Disclosing your Personal Information). If you have a preferred communication method, we will aim to use it whenever possible.

6.2 Opting Out

You can opt out of our marketing communications at any time by contacting us using the address provided in the Schedule to these Policy or via the opt-out options in the marketing materials. Following your opt-out request, we will remove your name from our marketing distribution lists.

6.3 Exceptions to Opting Out

It’s important to note that opting out of marketing communications does not preclude you from receiving essential communications related to your purchases, such as invoices and service notices.


7. Do Not Track (DNT) Policy

Please be aware that our data collection and usage practices remain unchanged on the Website, even when we detect a Do Not Track (DNT) signal from your browser.


8. Data Storage and Security Measures

8.1 Data Storage Locations and Practices
  • Electronic and Paper Storage: To maintain consistent service quality, we manage data both electronically and in paper form.
  • Third-Party Cloud Services: Electronic data storage is handled by third-party cloud service providers. Your information, or backups thereof, may be stored in:
    • Locations determined by our third-party cloud service providers (details of these jurisdictions are available on the Sub-Processors List located in this Privacy Policy).
8.2 Data Transfer and Processing

The information we collect may be transferred to, stored, and processed by our staff or third parties in various jurisdictions, including those outside of your country of residence, to facilitate our services.

8.3 Security Measures and Information Handling
  • We are committed to protecting your information against misuse, interference, loss, unauthorized access, modification, or disclosure by taking reasonable security measures. However, we acknowledge that no internet transmission is entirely secure.
  • By providing information to us, you consent to its use, storage, and disclosure in line with our policies and applicable privacy laws.


9. Disclosing Your Information

To Whom We Disclose

9.1 Within Our Organization and Service Network

Personal information may be disclosed to our employees, related entities, contractors, and service providers. This is for the purpose of operating our Website, conducting our business, fulfilling your requests, and providing you with our products and services. This includes IT and network administrators, web hosts, payment processors, mailing services, debt collectors, advisors like accountants and lawyers, and more.

9.2 External Business Relationships

We share information with suppliers and third parties where we have commercial relationships for business and marketing purposes.

9.3 Regulatory and Law Enforcement

Information may be disclosed to government bodies, regulatory agencies, and law enforcement as necessary.

9.4 With Your Consent

Disclosure to other organizations for any purpose occurs only with your explicit consent, which may include insurers and legal representatives.

9.5 Information Sharing Practices

We may combine or share the information we collect from you with our related entities.

9.6 Privacy Responsibility and Third-Party Policies

While we disclose information to third parties, we are not accountable for their privacy practices. It is the responsibility of third parties to inform you of their privacy policies. A list of the third-party sub-processors can be found in the Sub-Processors List, located in this Privacy Policy.

9.7 Limitations on Disclosure

Beyond the conditions stated in this Privacy Policy, the Service will not disclose your personal information without your consent, except as mandated by law.


10. International Data Transfers Policy

The Service collects and stores Personal Information on a global scale, including from all jurisdictions where we operate and across our international legal entities. For the purpose of delivering the Service to you, we may transfer, process, and store your Personal Information outside of your country of residence, to locations where Service or our third-party service providers are based.


11. Access to and Correction of Personal Information

11.1 Access Requests

You can request access to the Personal Information we hold about you at any time by contacting our Privacy Officer, as detailed in the Schedule to these Policy. We aim to respond promptly within a reasonable timeframe, providing access to your Personal Information unless legally restricted.

11.2 Fees and Denials

Where legally permitted, a reasonable fee may be charged for processing your access request. If access is denied, we will provide a written explanation detailing the legal basis for this decision.

11.3 Correction Requests

If you find any Personal Information we hold about you to be incorrect, outdated, incomplete, irrelevant, or misleading, please contact our Privacy Officer. We are committed to correcting any inaccuracies in your Personal Information.

11.4 Handling Refusals

Should we refuse to correct your Personal Information, you will receive a reasoned explanation for such refusal, unless providing one is deemed unreasonable. You have the right to request that a statement be associated with your Personal Information, indicating your correction request.

12. Complaints Process


If you believe that the Service has not adhered to relevant laws, the terms of this Policy, or if you wish to appeal a decision regarding your Personal Information, please submit a written complaint to our Privacy Officer, utilizing the contact information provided in the Schedule to these Policy.

12.2 Upon receipt of your complaint, we commit to:
  • Acknowledging your complaint within a reasonable timeframe, or within the specific period mandated by law.
  • Informing you about the subsequent actions we intend to take to address your complaint.

13. Data Security and Indemnity Provisions

13.1 Data Security

The Service employs reasonable efforts to protect your personal information, but we cannot guarantee absolute security against unauthorized access, misuse, or disclosure. We are not liable for the actions of unauthorized third parties.

13.2 Third-Party Interactions

We assume no responsibility for third parties, such as advertisers, who use banner ads and links on our Website. Interactions with third-party sites are governed by their respective privacy policies.

13.3 Confidentiality Obligations

All Service employees and contractors are bound by confidentiality agreements to ensure they do not misuse or disclose your personal information contrary to this Privacy Policy.

13.4 Data Retention

Your personal information is retained in accordance with legal requirements and only for as long as necessary for our business purposes or until you request its removal by contacting us using contact information in the Schedule to these Policy.

13.5 Indemnity

You agree to defend, indemnify, and hold harmless the  Service and its affiliates, including officers, directors, employees, agents, subcontractors, licensors, and suppliers, against any claims or liabilities arising from your use of the Website or violations of the Privacy policy or Terms and Conditions.

14. Privacy Policy Governance and Updates

  • The handling of all information by the Service is governed at all times by the most current version of our Privacy Policy.
  • We reserve the right to modify the Privacy Policy at any time, without prior notice.
  • We commit to informing you as soon as reasonably possible following any changes to our Privacy Policy.


15. Data Destruction Policy

  • The Service is committed to protecting your privacy by securely disposing of personal and health information that is no longer needed for any purpose and is not legally required to be retained. We follow strict procedures to ensure the privacy-preserving destruction of such documents and records.
  • Upon your request, the Service will promptly remove your personal information from our database.


16. Notifiable Data Breach Notification Policy

  • Should we experience a Notifiable Data Breach, we commit to notifying you within 14 days from the moment we become aware of the breach.
  • Definition: A “Notifiable Data Breach” is defined as any unauthorized access to, disclosure of, or loss of your personal information that legislation or regulations in the applicable jurisdiction mandate us to notify you about.

17. Compliance with Local Access and Privacy Laws


The Service operates globally and recognizes that patients’ Personal Information and medical practitioners’ obligations may be governed by the privacy laws of the patients’ country of residence. We commit to taking all reasonable measures to comply with such local access and privacy laws, in alignment with our legal obligations under Australian law, where our operations are based.

17.2 Data Processing Addendum for GDPR and UK GDPR Compliance
  • To address the needs of Customers in the European Union and the United Kingdom, or those subject to GDPR or UK GDPR, the Service provides Standard Contractual Clauses through a Data Processing Addendum (DPA).
  • These DPAs, essential for ensuring compliance with GDPR and UK GDPR, are incorporated by reference into our Agreement with you.
  • The UK DPA is accessible at UK DPA Link, and the EU DPA is available at EU DPA Link.


18. Inquiries and Complaints Regarding Privacy Policy

Should you have any questions, concerns, or complaints about this Privacy Policy or the handling of your personal information, please feel free to contact us.

19. Schedule


Caspen Website

Notices to the following address




United Kingdom



United States of America



New Zealand







20. Sub-Processors List



Payment processing



Hosting service



Email & SMS gateway



Customer experience analytics



Web analytics